
Install Openvas 9 with Postgres on Kali linux Rolling

NB: This guide is designed for Postgres 9.6. After this guide was released, Kali updated to Postgres 10. Make sure you have Postgres 9.6 installed (and not 10) when using this guide. If you make Postgres 10 work with this guide, let me know the steps you took and I'll incorporate them in the guide.

Inspired by 0x4E0x650x6F's guide: Install Openvas 8 with Postgres on Kali linux Rolling
Sadly, 0x4E0x650x6F's guide doesn't work for the newest version of the OpenVAS-manager, as it has been changed with Openvas-9.
This guide is an updated version of 0x4E0x650x6F's guide, and goes through the steps needed to compile OpenVAS-manager to use PostgreSQL and how to set up OpenVAS so that it runs using PostgreSQL as the database instead of SQLite.

This guide is made for Kali rolling, but it might work for other systems. Please also keep in mind that all version numbers are from when this guide was made, so newer versions may have been released since then. So if a specific package can’t be found, it may be because a newer version has replaced it.

All of the commands in this guide are run as a superuser.

Install and setup PostgreSQL
First off, PostgreSQL needs to be installed.

Code:

apt-get install postgresql
service postgresql start

Next, set up the user and database which are going to be used by the OpenVAS-manager. These commands need to be run as the postgres user, as it is the default superuser for PostgreSQL.

Building and installing the OpenVAS-manager
First off, find a place to download the OpenVAS-manager source code to. I create a folder openvas to keep all the files in.

Code:

cd /
mkdir -p openvas/debs
cd openvas/

Next up, we need to configure apt-get to also include the Kali source repositories. Edit the file “/etc/apt/sources.list” and uncomment the line “deb-src http://http.kali.org/kali kali-rolling main non-free contrib”. I use nano for this.

Code:

nano /etc/apt/sources.list
# Enable deb-src by uncommenting it

Finally, we need the dpkg-dev package, to be able to build and install from the OpenVAS-manager source.

Code:

apt-get install dpkg-dev

We are now ready to retrieve the OpenVAS-manager source.

Code:

apt-get source openvas-manager

Before compiling the source, we need to check for any missing dependencies and make some minor adjustments so that the OpenVAS-manager will use the PostgreSQL database. First we check for missing dependencies for the manager.

Code:

cd openvas-manager-7.0.2/
dpkg-checkbuilddeps

This returns a list of missing dependencies needed for the OpenVAS-manager. If it didn’t return anything, you already have everything you need, so everything’s great. If it did return missing dependencies, you need to apt-get install each of them.
When you have all the dependencies, we need to configure the source code to use PostgreSQL instead of SQLite. First off, we need to change the Debian build rules located in “debian/rules” and add the following command "-DBACKEND=POSTGRESQL" to the “override_dh_auto_configure” command. Once again I use nano for this.

The installation may fail if any dependencies are found to be missing. In that case, apt-get install the missing dependencies and rerun the dpkg command.
After installing the openvas-manager you should hold all its packages so it is not accidentally overridden by a SQLite version in a later update (remember you have to manually update the openvas-manager from the source code).
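The three conditions the guide depends on (Postgres 9.6 rather than 10, the deb-src line uncommented, and -DBACKEND=POSTGRESQL present under override_dh_auto_configure) can be checked before building. The script below is an added example, not part of the original post; the function names and the sample file contents are constructed for illustration, and on a real system you would pass the output of `psql --version`, /etc/apt/sources.list and debian/rules to `preflight`.

```shell
#!/bin/sh
# Preflight checks for the build steps in the guide (added example).

# True if a `psql --version` string reports the 9.6 series the guide requires.
pg_is_96() {
    case "$1" in
        *" 9.6"|*" 9.6."*) return 0 ;;
        *) return 1 ;;
    esac
}

# True if the given sources.list has an uncommented kali-rolling deb-src line.
deb_src_enabled() {
    grep -Eq '^[[:space:]]*deb-src[[:space:]]+[^#]*kali-rolling' "$1"
}

# True if -DBACKEND=POSTGRESQL is on an active recipe line of the
# override_dh_auto_configure target (not in a comment or another target).
rules_use_postgres() {
    awk '
        /^override_dh_auto_configure:/ { in_t = 1; next }
        in_t && /^[^ \t#]/             { in_t = 0 }  # next target ends the recipe
        in_t && /^[ \t]*#/             { next }      # skip commented recipe lines
        in_t && /-DBACKEND=POSTGRESQL/ { found = 1 }
        END { exit(found ? 0 : 1) }
    ' "$1"
}

# Args: psql version string, sources.list path, debian/rules path.
# Prints one line per check; returns non-zero if any check fails.
preflight() {
    rc=0
    pg_is_96 "$1" && echo "ok   postgres 9.6" || { echo "FAIL not 9.6: $1"; rc=1; }
    deb_src_enabled "$2" && echo "ok   deb-src enabled" || { echo "FAIL deb-src commented: $2"; rc=1; }
    rules_use_postgres "$3" && echo "ok   postgres backend" || { echo "FAIL backend flag missing: $3"; rc=1; }
    return $rc
}

# Constructed sample inputs so the script runs offline.
demo_dir=$(mktemp -d)
trap 'rm -rf "$demo_dir"' EXIT
printf '%s\n' '# deb-src http://http.kali.org/kali kali-rolling main non-free contrib' > "$demo_dir/sources.commented"
printf '%s\n' 'deb-src http://http.kali.org/kali kali-rolling main non-free contrib' > "$demo_dir/sources.enabled"
printf 'override_dh_auto_configure:\n\tdh_auto_configure -- -DBACKEND=POSTGRESQL\n' > "$demo_dir/rules.pg"
printf 'override_dh_auto_configure:\n\tdh_auto_configure --\n' > "$demo_dir/rules.sqlite"

preflight "psql (PostgreSQL) 9.6.6" "$demo_dir/sources.enabled" "$demo_dir/rules.pg"
preflight "psql (PostgreSQL) 10.1" "$demo_dir/sources.commented" "$demo_dir/rules.sqlite" || true
```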

From my testing, Postgres v10 doesn't work with the setup in this guide, and that is most likely the cause of the errors, as Postgres has been updated to v10 on the latest Kali distribution.
To make the current guide work you should use Postgres 9.6.
If I get the time, I'll have a look at updating the guide to use Postgres 10. If anyone else figures it out in the meantime let me know, and I'll update the guide.

Hey everyone, I'm trying to migrate our installation to Postgres and the migration script is failing with a duplicate key error. I've opened the SQLite tasks.db file and looked at the table but cannot find a duplicate for the entry mentioned. Here is the error:

Now everything is migrated over and the database seems to be using postgres. I'm able to login and see my reports, scan configs, and tasks. However, I have an issue on the dashboard where it is giving an error: "SCAP and/or CERT database missing on OMP server." Sure enough, if I go to SecInfo -> All Security Info it comes back empty. Tried running the greenbone-*-sync scripts and openvasmd --rebuild but it didn't seem to fix it.

Is there a way to manually repopulate this information into the database or fix this?

UPDATE 2:
Ok, I think I'm moving closer...

I found that the sync scripts had POSTGRES=0 set and changed that to 1.

I was able to initialize the Postgres Vulns schemas by doing the following:

cd /usr/share/openvas/cert
psql tasks < cert_db_init.sql

cd /usr/share/openvas/scap
psql tasks < scap_db_init.sql

I had then hoped running the sync scripts would populate the tables with data, but no such luck. It seems the scripts are not working. Do I need to get different versions of the scripts to use with Postgres? Here are the version numbers for the scripts:

Hey everyone, I was able to figure out how to get the Secinfo DB to be updated. I looked through the update scripts and noticed that I could enable logger to display to stderr by adding a -s switch. This allowed me to then run the scripts and notice that they kept saying that the DB was up to date and didn't need to be synced. It turns out that it was updating the old SQLite DB files. I simply deleted those and deleted all the data in the CERT_DIR and SCAP_DIR directories and then ran the scripts again. This then redownloaded the content and inserted it into the DB.

In short:
If your SecInfo DB is empty after migrating to Postgres and the scripts aren't updating them, delete all the CERT_DIR and SCAP_DIR data and then rerun the update scripts.